GSASL channel-binding: TLS resumption checks
[users/jgh/exim.git] / test / confs / 3820
1 # Exim test configuration 3820
  #
  # The same file configures both ends of the test.  SERVER is defined empty
  # here and compared with "server" further down, so the daemon instance is
  # presumably started with the macro overridden to "server" (TODO confirm
  # against the test script).  TRUSTED, when defined, selects the TLS variant:
  # the TLS prefix is included and, later in the file, the transport requires
  # TLS and the only authenticator is SCRAM-SHA-1-PLUS with channel binding.
  # Without TRUSTED the ANONYMOUS, PLAIN and SCRAM-SHA-1 authenticators are
  # defined instead.
2
3 SERVER=
4
5 .ifdef TRUSTED
6 .include DIR/aux-var/tls_conf_prefix
7 .else
8 .include DIR/aux-var/std_conf_prefix
9 .endif
10
11 primary_hostname = myhost.test.ex
   # Only the instance with SERVER equal to "server" is given a certificate;
   # for any other value the expansion is a forced failure, so no certificate
   # path is supplied on the client side.
12 tls_certificate = ${if eq {SERVER}{server}{DIR/aux-fixed/cert1}fail}
13
14 # ----- Main settings -----
15
   # Every RCPT is accepted with no relay or recipient checks.  That is only
   # appropriate for a harness instance that nothing outside the test can
   # reach; a deployed configuration needs relay control in this ACL.
16 acl_smtp_rcpt = accept
   # Accepted messages are queued rather than delivered at reception time.
17 queue_only
18
19
20 begin routers
21
   # Single catch-all router, active only when this instance is not the
   # server (SERVER differs from "server").  It has no domain or local-part
   # restriction, so every address is handed to the "smtp" transport; the
   # local part is what later selects the client authenticator.
22 client_r:
23   driver =      accept
24   condition =   ${if !eq {SERVER}{server}}
25   transport =   smtp
26
27 begin transports
28
   # Client-side transport: always connects to the loopback daemon on PORT_D.
29 smtp:
30   driver =      smtp
31   hosts =       127.0.0.1
     # Needed because the target is the local host, which the smtp transport
     # otherwise refuses to deliver to.
32   allow_localhost
33   port =        PORT_D
34 .ifdef TRUSTED
     # TLS variant: no cleartext fallback for any host.
35   hosts_require_tls = *
     # The trust set is the same file the server presents (cert1), i.e. the
     # client trusts exactly that certificate rather than a CA bundle.
36   tls_verify_certificates = DIR/aux-fixed/cert1
     # Empty list: certificate name matching is applied to no host.  Here the
     # peer is addressed by IP and trust rests on the single certificate above;
     # with a general CA bundle this setting would accept any validly issued
     # certificate for any host name.
     # NOTE(review): no tls_verify_hosts setting is visible in this file.
     # Unless the included prefix sets one, a failed verification may not
     # abort the connection - confirm before reusing this block elsewhere.
37   tls_verify_cert_hostnames = :
38 .endif
     # Delivery is refused unless authentication succeeds, so an authenticator
     # failure (for example a channel-binding mismatch) shows up as a deferred
     # delivery instead of an unauthenticated send.
39   hosts_require_auth = *
40
41 # ----- Authentication -----
42
43 begin authenticators
44
   # The two authenticators below exist only in the non-TLS variant of the
   # test.  Neither has a server_advertise_condition, so both are offered on
   # whatever connection the server accepts - including cleartext ones.
45 .ifndef TRUSTED
   # ANONYMOUS: server_condition is the constant "true", so every attempt
   # succeeds, and whatever the client sent in $auth1 is recorded as the
   # authenticated id.  Test fixture only; this grants "authenticated" status
   # to any client.
46 sasl1:
47   driver = gsasl
48   public_name = ANONYMOUS
49   server_set_id =       $auth1
50   server_condition =    true
51
   # PLAIN: the server check compares only $auth3 (the password for PLAIN in
   # the gsasl driver - TODO confirm for the Exim version under test) with a
   # fixed string.  The user name in $auth1 is not checked, so any name with
   # this password authenticates and becomes the recorded id.  The password
   # also crosses the wire unprotected when no TLS is in use.
52 sasl2:
53   driver = gsasl
54   public_name = PLAIN
55   server_set_id =       $auth1
56   server_condition =    ${if eq {$auth3}{pencil}}
57
     # Client side: used only for recipients whose local part is "plain";
     # credentials are fixed test values stored in cleartext.
58   client_condition =    ${if eq {plain}{$local_part}}
59   client_username =     ph10
60   client_password =     pencil
61 .endif
62
   # SCRAM authenticator, defined in both variants of the test.  With TRUSTED
   # it is the channel-bound mechanism (SCRAM-SHA-1-PLUS); otherwise plain
   # SCRAM-SHA-1.
63 sasl3:
64   driver = gsasl
65 .ifdef TRUSTED
66   public_name = SCRAM-SHA-1-PLUS
     # The -PLUS mechanism is advertised only when the inbound connection has
     # a negotiated TLS cipher; channel binding has nothing to bind to without
     # a TLS session.
67   server_advertise_condition =  ${if def:tls_in_cipher}
     # Channel binding ties the SCRAM exchange to the TLS session carrying it,
     # so credentials relayed through a different TLS session fail to verify.
     # The page title links this test to TLS-resumption checks: binding data
     # taken from a resumed session needs care (tls-unique, for instance, is
     # not safe across resumption without the extended master secret of
     # RFC 7627).  Which binding type is used is not visible in this file.
68   server_channelbinding =       true
69 .else
70   public_name = SCRAM-SHA-1
71 .endif
72
73   # will need to give library salt, stored-key, server-key, itercount
74   #
75   # sigh
76   # gsasl takes props: GSASL_SCRAM_ITER, GSASL_SCRAM_SALT.  It _might_ take
77   # a GSASL_SCRAM_SALTED_PASSWORD - but that is only documented for client mode.
78
79   # unclear if the salt is given in binary or base64 to the library
     # NOTE(review): this value is the salt from the worked example in
     # RFC 5802 (which also uses the password "pencil"), where it appears in
     # base64 form.  Current Exim documentation describes server_scram_salt as
     # base64 - confirm for the version under test.  A fixed, published salt is
     # fine for a reproducible test; deployed verifiers need a random salt per
     # user.
80   server_scram_salt =   QSXCR+Q6sek8bf92
     # Cleartext password held in the configuration: the server derives the
     # SCRAM keys from it at run time instead of storing only the derived
     # stored-key/server-key pair mentioned in the note above.
81   server_password =     pencil
     # Constant "true": no further authorization check is made here; presumably
     # the library has already validated the SCRAM proof by the time this is
     # evaluated - TODO confirm.
82   server_condition =    true
83   server_set_id =       $auth1
84
     # Client side: used only for recipients whose local part is
     # "scram_sha_1"; credentials are fixed test values in cleartext.
85   client_condition =    ${if eq {scram_sha_1}{$local_part}}
86   client_username =     ph10
87   client_password =     pencil
88 .ifdef TRUSTED
     # Client half of the channel-binding setting; enabled only in the TLS
     # variant, matching server_channelbinding above.
89   client_channelbinding = true
90 .endif
91
92
93 # End